The threat of malicious insiders is a top concern for government and corporate agencies. An insider threat, that is, a trusted adversary who operates within an organization's boundaries, is a significant danger to both the private and public sectors, and is often cited as the greatest threat to an organization. Insider threats include disgruntled employees or ex-employees, potential employees, contractors, business partners, and auditors. The damage caused by an insider threat can take many forms, including workplace violence; the introduction of malware into corporate networks; the theft of information, corporate secrets, or money; the corruption or deletion of data; and so on. According to a recent survey, it takes on average 416 days to contain an insider attack (HP Cyber Risk Report, 2012), and insider threats have been estimated to result in “tens, if not hundreds of billions of dollars” in damages. The difficulty of identifying insider threats is heightened in very large organizations. For instance, identifying a small number of potential insider threats within an organization with thousands of employees is a literal “needle in the haystack” problem.
Therefore, there is a need for a system and a method for determining whether a particular person poses an insider threat.